cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Intruder Alert

Richard_Smedley
Engaged Sweeper
The users on my network aren’t what you would call trustworthy and over the weekend some one connected something they shouldn’t. All lansweeper has given me is this:

Cannot resolve hostname to an IP address (MEDIACENTRE) 10/22/2011 4:29:19 PM
The RPC server is unavailable 0x800706BA (MEDIACENTRE) 10/22/2011 4:29:19 PM

Is there anyway I can get more information and catch the miscreant who by the looks of it is watching films while getting paid over time at work.

Finding the ipaddress or the MAC address would help!

This isnt the first time this has happened.
4 REPLIES 4

danielm
Champion Sweeper II
Typically if I want to track something down I can't seem to find, start with the DHCP server . Usually it will show the names of the computers. find the one you don't recognize. then goto the switches in that area and search it's ARP table to find the ip , or PING the Ip and get the MAC from your pc and search that in the arp tables..
that gets you to a switch and port.
then walk over and slap the person.
If the person plugs and unplugs it then the timing may be off so it's hard to find then but just takes time.

BrianM
Engaged Sweeper III
The only other thing you could do is lock down your connections by MAC address. LanSweeper does have the ability to pull out the MAC addresses of connected machines as well. Maybe block that one from getting on your network?

If it isn't yours, then they cannot get on. If it is wireless and they are removing it and joining a public Wi-Fi, then use the following DOS commands to stop that. It will not allow them to connect to it, and will hide it from them even being able to see it.

run command prompt as administrator from administrator account (right click, run as admin)

netsh wlan add filter permission=block ssid=%PYOUR-PUBLIC-WIFI-NAME% networktype=infrastructure


netsh wlan set blockednetworks display=hide

isit
Engaged Sweeper
Richard, review the custom actions folder, Bullgates posted a script for internet history of a user. That's how I've been catching my users. Also, I have a batch file that takes down the users firewall so that you would be able to see the machine, I'll have to find it, I made a custom action of it a long time go. Once I find it, I'll post it.

Lansweeper
Lansweeper Former Employee
Lansweeper Former Employee
If this machine is firewalled, Lansweeper won't be able to retrieve more information from it. (There would have to be an agent present on the machine.)